JP2022171982A - Authentication program, authentication method and information processing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a user having a right to use a service to easily use the service provided by a service provider.

SOLUTION: A user 402 picks up images of a credit card 403 and an identification card 404 submitted to a card issuer by a user terminal 120, and transmits an authentication request containing image data 410 that represents these images to a card issuer server 110. The card issuer server 110 reads a card number of the credit card 403 from the image of the credit card 403 in the image data 410, and obtains identification card data on the user 402 to be stored in association with the card number. Next, the identification card 404 represented by the image data in the authentication request is checked up with the identification card represented by the obtained identification card data on the user 402. When they are consistent with each other, authentication succeeded information is transmitted to the user terminal 120. This enables the user 402 to use the service for card members.

SELECTED DRAWING: Figure 4A

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to an authentication program, an authentication method, and an information processing apparatus for supporting a user who has the right to receive a service provided by a service provider to use the service.

2. Description of the Related Art Conventionally, for example, card companies that issue credit cards have provided services for card members that allow card members to check credit card usage details and the like via the Internet. For example, a card member accesses a website for card members prepared by the card company, enters the user ID and password issued by the card company, and is authenticated as the card member. It becomes possible to use such a service.

As a conventional technology, a financial institution server, based on the account balance and withdrawal schedule information for each customer who is a credit card user, informs the customer of the account balance and card withdrawal schedule on the customer service page of Internet banking. There is a technique for generating a card withdrawal schedule screen on which the user can also confirm (see, for example, Patent Literature 1 below).

JP 2004-102787 A

The conventional technology has a problem that a service provided by a service provider to a specific user cannot be easily used even by a user who has the right to receive the service. For example, as described above, in the prior art, in order to use such services, the cardholder is authenticated by entering a user ID and password. However, for the elderly, for example, the act of entering a user ID and password, which are a series of alphabets and numbers, is a complicated and difficult task, and cannot be easily performed. Therefore, in the conventional technology, even if a service provider provides a service, the service may not be used effectively, and the provision of the service may not lead to an improvement in customer satisfaction with respect to the service provider.

SUMMARY OF THE INVENTION It is an object of the present invention to provide an authentication program, an authentication method, and an information processing apparatus that enable a user who has the right to receive a service to easily use the service, in order to solve the problems of the conventional technology described above. do.

In order to solve the above-described problems and achieve the object, an authentication program according to the present invention provides a first computer having an imaging device with different image data as an activation instruction button for accepting an operation to instruct activation of the imaging device. A plurality of activation instruction buttons for different authentication methods used are displayed on a display screen, and user authentication by the selected authentication method is requested by operating one activation instruction button corresponding to one authentication method selected by the user. and an authentication request including a plurality of image data of a unique authentication object owned by a user that can be used for the user authentication, taken from a plurality of angles including the upper surface on which the authentication information is described, and the side surface different from the upper surface. and when an operation on the activation instruction button is received, the imaging device is activated, the image data captured by the imaging device is acquired, and the authentication including the acquired image data It is characterized by executing a process of transmitting a request to a second computer that performs authentication based on the authentication request.

Further, in the authentication method according to the present invention, a first computer having an imaging device uses a plurality of activation instruction buttons of different authentication methods using different image data as activation instruction buttons for accepting an operation instructing activation of the imaging device. is displayed on the display screen, and by operating one of the activation instruction buttons corresponding to one authentication method selected by the user, user authentication is requested by the selected authentication method, and the users available for the user authentication are Accepting input of information related to an authentication request including a plurality of image data obtained by photographing a unique authentication object owned by the user from a plurality of angles including a top surface on which authentication information is described and a side surface different from the top surface, and the activation instruction. When an operation on a button is accepted, the imaging device is activated, the image data captured by the imaging device is acquired, and the authentication request including the acquired image data is authenticated based on the authentication request. It is characterized by executing a process that is transmitted to a second computer.

Further, the information processing apparatus according to the present invention displays, on the display screen, an imaging device and a plurality of activation instruction buttons for different authentication methods using different image data as activation instruction buttons for accepting an operation instructing activation of the imaging device. Then, by operating one activation instruction button corresponding to one authentication method selected by the user, a request for user authentication by the selected authentication method and a unique authentication owned by the user that can be used for the user authentication input of information related to an authentication request including a plurality of image data captured from a plurality of angles including a top surface on which authentication information is described and a side surface different from the top surface, and an operation of the activation instruction button is received. a control unit that activates the imaging device, acquires the image data captured by the imaging device, and transmits the authentication request including the acquired image data to a computer that performs authentication based on the authentication request. and

ADVANTAGE OF THE INVENTION According to this invention, it is effective in the user who has the right to receive a service to be able to utilize the said service easily.

FIG. 1 is a diagram showing an example of a system configuration of a service utilization support system according to this embodiment. FIG. 2 is a block diagram showing an example of the hardware configuration of a computer that implements the card company server according to the present embodiment. FIG. 3 is a block diagram showing an example of the hardware configuration of a computer that implements the user terminal according to this embodiment. FIG. 4A is a diagram showing an example of a first authentication method performed by the card company server of the present embodiment. FIG. 4B is a diagram showing an example of a second authentication method performed by the card company server of this embodiment. FIG. 4C is a diagram showing an example of a third authentication method performed by the card company server of this embodiment. FIG. 5 is a diagram showing an example of a card member information DB according to this embodiment. FIG. 6 is a block diagram showing an example of the functional configuration of the card company server according to this embodiment. FIG. 7 is a diagram showing an example of the start screen displayed by the user terminal according to the embodiment. FIG. 8 is a diagram showing an example of a shooting screen displayed by the user terminal according to the embodiment. FIG. 9 is a diagram showing an example of a category selection screen displayed by the user terminal according to this embodiment. FIG. 10 is a diagram showing an example of a menu screen displayed by the user terminal according to this embodiment. FIG. 11 is a diagram showing an example of an authentication failure notification screen displayed by the user terminal according to the embodiment. FIG. 12 is a diagram showing an example of an authentication image selection screen displayed by the user terminal according to the present embodiment. FIG. 13 is a flow chart showing an example of authentication request transmission processing performed by the user terminal according to the present embodiment. FIG. 14 is a flowchart showing an example of authentication success/failure information reception processing performed by the user terminal according to the present embodiment. FIG. 15A is a flowchart (part 1) showing an example of authentication processing performed by the card company server of the present embodiment. FIG. 15B is a flowchart (part 2) showing an example of authentication processing performed by the card company server according to the present embodiment. FIG. 15C is a flowchart (part 3) showing an example of authentication processing performed by the card company server according to the present embodiment.

Exemplary embodiments of an authentication program, an authentication method, and an information processing apparatus according to the present invention will be described below in detail with reference to the accompanying drawings.

(Example of system configuration of service utilization support system)
FIG. 1 is a diagram showing an example of a system configuration of a service utilization support system according to this embodiment. In FIG. 1, the service utilization support system 100 includes a card company server 110 and a user terminal 120 . In the service utilization support system 100, the card company server 110 and the user terminal 120 are communicably connected via the network . Network 130 is, for example, the Internet. The network 130 is not limited to the Internet, and may be a WAN (Wide Area Network), a LAN (Local Area Network), Wi-Fi (registered trademark), a mobile communication network, or the like.

The card company server 110 is an example of an information processing device according to the present invention. The card company server 110 is, for example, a server (computer) managed by a card company that issues credit cards used in a card settlement system. A credit card is formed, for example, by printing or engraving a card number, expiration date, etc. of the credit card on a plastic plate of a predetermined size. In addition, a credit card is provided with a storage medium in which information indicating the card number of the credit card is stored. As this storage medium, an IC (Integrated Circuit) chip, a magnetic stripe, or the like is used.

A credit card number consists of, for example, a multi-digit number (for example, 6 digits) that identifies the issuing card company, and a multi-digit number (for example, 10 digits) uniquely assigned to the credit card by the issuing card company. digits), and As a result, the card number becomes a unique number for each credit card. A credit card is an example of a membership card according to the present invention, and a card number is an example of user identification information and card identification information according to the present invention.

The card company server 110 has a storage unit 111, for example. The storage unit 111 stores card member information about a card member (card holder) who owns a credit card issued by a card company. Card member information will be described later with reference to FIG.

The card company server 110 also has a communication unit. This communication unit allows the card company server 110 to communicate with the user terminal 120 . The card company server 110 is implemented by a server computer, workstation, personal computer, or the like.

A card company provides a service for card members that allows the card member to check the usage details of the credit card, for example, through a web page for card members provided on the card company server 110 . In addition, card companies distribute applications for card members to access web pages for card members (hereinafter "card member applications"). A card company is an example of a service provider according to the present invention. Also, the service for card members is an example of the service provided by the service provider according to the present invention.

In this embodiment, an example in which storage unit 111 is provided in card company server 110 will be described, but storage unit 111 may be provided outside card company server 110 . In this case, storage unit 111 can be realized by a storage device that card company server 110 can access via network 130 .

The user terminal 120 is a terminal (computer) used by a user. A user is, for example, a user who has the right to use services for card members provided by a card company, that is, a card member. For example, the card member application described above is installed in the user terminal 120 .

The user terminal 120 includes an input device that accepts input of various information. The input device of the user terminal 120 is, for example, a touch panel that receives operations from the user. The user terminal 120 also includes an output device that outputs various information. The output device of the user terminal 120 is, for example, a display that displays various information.

The user terminal 120 also includes, for example, an imaging device that captures an image of an imaging target according to an operation from the user. This imaging device is, for example, a camera. Also, the user terminal 120 includes a communication unit. This communication unit allows the user terminal 120 to communicate with the card company server 110 . The user terminal 120 is implemented by a smartphone, tablet terminal, personal computer, or the like.

(An example of a hardware configuration of a computer that realizes the card company server 110)
FIG. 2 is a block diagram showing an example of the hardware configuration of a computer that implements the card company server according to the present embodiment. In FIG. 2 , the computer that implements card company server 110 includes CPU (Central Processing Unit) 201 , memory 202 , and communication IF (Interface) 203 . CPU 201 , memory 202 and communication IF 203 are connected by bus 210 .

The CPU 201 controls the entire computer that implements the card company server 110 . The memory 202 is used as a work area for the CPU 201 and stores various programs such as a boot program and various data used by these programs. For example, the memory 202 stores a card member information DB, which will be described later.

The memory 202 is implemented by various memory devices (circuits) such as ROM (Read-Only Memory), RAM (Random Access Memory), HDD (Hard Disc Drive), HD (Hard Disc), and SSD (Solid State Drive). can do.

The communication IF 203 is connected to the network 130 and controls the interface between the inside of the computer realizing the card company server 110 and the outside of the computer. Specifically, the communication IF 203 controls input/output of data between a computer that implements the card issuer server 110 and another computer (for example, the user terminal 120).

(Example of hardware configuration of computer realizing user terminal 120)
FIG. 3 is a block diagram showing an example of the hardware configuration of a computer that implements the user terminal according to this embodiment. In FIG. 3, the computer that implements the user terminal 120 includes a CPU 301, a memory 302, an output device 303, an input device 304, and a communication IF305. CPU 301 , memory 302 , output device 303 , input device 304 and communication IF 305 are connected by bus 310 .

The CPU 301 controls the entire computer that implements the user terminal 120 . The memory 302 is used as a work area for the CPU 301 and stores various programs such as a boot program and various data used by these programs. The memory 302 can be realized by various memory devices (circuits) such as ROM, RAM, SSD, HDD and HD.

The output device 303 is, for example, a liquid crystal display or an organic EL (Electro-Luminescence) display that displays characters and images. The input device 304 includes keys for inputting characters, numerical values, various instructions, etc., and performs data input. The input device 304 is, for example, a touch panel. Further, for example, if the computer that implements the user terminal 120 is a personal computer, the input device 304 may be a keyboard, mouse, numeric keypad, or the like. The input device 304 outputs to the CPU 301 a signal corresponding to an input operation on the input device 304 .

Also, the computer that implements the user terminal 120 has a camera as the input device 304 . The camera, for example, is controlled by the CPU 301 to image an object to be imaged, generate image data, and output the generated image data to the CPU 301 . Further, the camera may convert captured characters into data using a bar code, OCR function, or the like, and output the data to the CPU 301 .

Further, for example, if the computer that implements the user terminal 120 is a personal computer, the input device 304 may be a scanner that reads characters, images, and the like. Further, the input device 304 may include a microphone for inputting voice and the like. The microphone analog/digital converts the speaker's voice input as analog data, generates digital voice data, and outputs the generated voice data to CPU 301 .

The communication IF 305 is connected to the network 130 and controls the interface between the inside of the computer realizing the user terminal 120 and the outside of the computer. Specifically, the communication IF 305 controls input/output of data between a computer that implements the user terminal 120 and another computer (for example, the card company server 110). Communication IF 305 may also be connected to a telephone network and used for voice communication.

(Example of authentication method performed by card company server 110)
Next, an example of an authentication method performed by the card company server 110 will be described. FIG. 4A is a diagram showing an example of a first authentication method performed by the card company server of the present embodiment. In FIG. 4A, a user 402 who wishes to be issued a credit card by a card company 401 applies for membership to the card company 401 (see FIG. 4A(1)).

When applying for membership, the user 402 reports his/her name, contact information, income, etc. to the card company 401 and submits (a copy of) an identification card to the card company 401 . The identification card submitted by the user 402 is of a type specified in advance by the card company 401, and the card company 401 is aware of its external features (for example, shape, pattern, and color). is a certificate. The identification document submitted by the user 402 is, for example, a driver's license or my number card.

The card company 401 examines whether or not to issue a credit card to the user 402 in response to the membership application from the user 402 . In the example described here, it is assumed that the credit card company 401 has decided to issue a credit card to the user 402 as a result of examination. In this case, the card company 401 associates the card information of the credit card 403 issued to the user 402, the user information of the user 402, and the identification card data related to the identification card submitted by the user 402. Card member information is registered in the card company server 110 (storage unit 111) (see FIG. 4A(2)).

Here, the card information is, for example, information indicating the card number and expiration date of the credit card 403 . The user information is, for example, information indicating the name and contact information of the user 402 . The identification card data is, for example, information obtained by image analysis of an identification card image representing the identification card submitted by the user 402 . Specifically, for example, the identification data is information indicating feature points of the identification card image. Also, the identification card data may be image data of an identification card image.

The card company 401 then ships the credit card 403 to the user 402 (see FIG. 4A(3)). As a result, the user 402 becomes a card member of the card company 401 and obtains the right to receive services for card members provided by the card company 401 . After receiving the credit card 403, the user 402 accesses the web page for card members provided on the card company server 110 and accepts the card by being authenticated by, for example, the following first to third authentication methods. It becomes possible to use services for members.

(First authentication method)
First, the first authentication method will be explained. The first authentication method is an authentication method that uses the credit card 403 and the identification card submitted by the user 402 to the card company 401 . When being authenticated by the first authentication method, the user 402 activates the cardholder application installed in the user terminal 120 and photographs the credit card 403 and the identification card 404 with the camera of the user terminal 120 . An identification card 404 is an identification card submitted by the user 402 to the card company 401 when applying for membership, and is, for example, the driver's license of the user 402 .

In this case, the user terminal 120 transmits to the card company server 110 the first authentication request including the image data obtained by the photographing (see FIG. 4A(4)). In the example described here, it is assumed that the user 402 placed the credit card 403 and the identification card 404 side by side and photographed them at the same time. In this case, user terminal 120 transmits to card company server 110 a first authentication request including image data 410 representing an image in which credit card 403 and identification card 404 are arranged side by side.

In this case, the card company server 110 detects the credit card image representing the credit card and the identification card image representing the predetermined identification card from the images represented by the image data included in the received first authentication request (FIG. 4A). (5) reference). The predetermined identification card is an identification card of a type specified by the card company 401, and is an identification card for which the card company 401 has grasped the external features in advance. An example of a method of detecting a credit card image and an identification card image will be described later.

In the example described here, the images represented by the image data 410 include images of the credit card 403 and the identification card 404 . Therefore, the card company server 110 detects the credit card image and the identification card image from the image represented by the image data included in the received first authentication request.

When the credit card image and the identification card image are detected in this way, the card company server 110 acquires the card number written on the credit card from the detected credit card image (see FIG. 4A (6)). In the example described here, the card company server 110 acquires the card number of the credit card 403 by reading the card number written on the credit card 403 from the image of the credit card 403 . Thereby, the card company server 110 can acquire the card number of the credit card 403 . At this time, the card company server 110 may also read the expiration date and name written on the credit card 403 from the image of the credit card 403 .

Then, the card company server 110 uses the card number acquired in FIG. 4A(6) as a search key to search the card member information including this card number from the storage unit 111 (FIG. 4A(7)). In the example described here, since the card company server 110 has acquired the card number of the credit card 403 , it searches for card member information including the card number of the credit card 403 . This allows the card issuer server 110 to retrieve the cardholder information of the user 402 .

If the expiration date and the like are also read in FIG. 4A(6), in FIG. 4A(7), the combination of the read card number and the expiration date is used as a search key to search for card member information. You should do it like this. In this way, the card company server 110 can prevent, for example, successful authentication by the first authentication method based on the credit card image of an expired credit card.

When the card member information is retrieved, the card company server 110, based on the identification card data of the card member information and the identification card image detected in FIG. The certificate and the identification card represented by the detected identification card image are checked to see if they are the same (see FIG. 4A (8)). An example of this matching method will be described later. In the example of FIG. 4A, both the identification card indicated by the identification card data and the detected identification card image relate to the same identification card 404, so the card company server 110 determines that the same identification It is judged to be written.

If the card company server 110 determines that it is the same identification card as described above, the card company server 110 transmits authentication success information that enables the user 402 to use services for card members to the user terminal 120 (see FIG. 4A (9)). ). This enables the user 402 to use services for card members.

On the other hand, if the card member information is not retrieved in FIG. 4A(7), or if it is determined that it is not the same identification card in FIG. For example, it transmits authentication failure information indicating that authentication has failed to the user terminal 120 . In this case, if the user 402 wants to use the service for card members, he/she needs to be authenticated again by the first authentication method or be authenticated by another authentication method.

As described above, according to the first authentication method, the user 402 photographs the credit card 403 and the identification card 404 using the user terminal 120, and sends the first authentication request including these image data to the card company. By transmitting to the server 110, it becomes possible to use services for card members. That is, for example, the user 402 registers the user terminal 120 with the card company server 110 before being authenticated by the first authentication method, or enters a user ID, password, etc. when being authenticated by the first authentication method. It is possible to use services for card members by authentication by the first authentication method without doing so.

As a result, the card company server 110 can facilitate the use of the card member service by the user 402 and promote the use of the card member service by the user 402 . Therefore, the card company 401 can improve the convenience of the user 402 through the service for card members and improve the customer satisfaction of the user 402 with respect to the card company 401 .

Also, the card company server 110, for example, stores the user terminal 120 used for the previous first authentication and the user terminal 120 used for the current first authentication for the user 402 to use the service for card members. are different, the card member information of the user 402 may be referred to, and the contact information of the user 402 may be notified to that effect (for example, a message such as "There was a login from a different terminal").

If the user terminal 120 used for the previous first authentication is different from the user terminal 120 used for the current first authentication, the card company server 110 notifies the card company of the fact. An employee may be notified, and an employee of the card company may notify the user 402 to that effect by letter or the like. For example, if the user terminal 120 transmits a first authentication request including terminal identification information of its own terminal to the card company server 110, the card company server 110 receives the terminal identification information of the first authentication request. It becomes possible to detect that the user terminal 120 used for the first authentication is different. Terminal identification information will be described later.

In the above example, the user terminal 120 is equipped with an imaging device such as a camera and transmits an authentication request including image data captured by the imaging device to the card company server 110, but the present invention is not limited to this. For example, when a digital camera different from the user terminal 120 and the user terminal 120 are connected by short-range wireless communication such as Bluetooth (registered trademark) or Wi-Fi, the digital camera captures an image. Data can be transmitted to the user terminal 120 . In this case, the user terminal 120 may transmit an authentication request including image data received from the digital camera to the card company server 110 .

(Second authentication method)
Next, the second authentication method will be explained. FIG. 4B is a diagram showing an example of a second authentication method performed by the card company server of this embodiment. In FIG. 4B, portions similar to those in FIG. 4A are denoted by the same reference numerals, and description thereof will be omitted as appropriate.

The second authentication method is an authentication method that uses an authentication image preset for the card company server 110 by the user 402 . That is, when receiving the second authentication method, the user 402 registers a desired image in the card company server 110 in advance as an authentication image (see FIG. 4B(10)). For example, the user 402 can register a desired image as an authentication image in the card company server 110 by using the service for card members after being authenticated by the first authentication method described above. In response to this registration, the card company server 110 stores information including the authentication image data related to the authentication image of the user 402 as the card member information of the user 402 .

Here, the authentication image data may be, for example, image data representing an authentication image registered by the user 402, or may be information obtained by image analysis of the authentication image registered by the user 402. There may be. When information obtained by image analysis of the authentication image is used as the authentication image data, the authentication image data may be, for example, information indicating feature points of the authentication image. In the example described here, the user 402 sends an authentication image registration request including the image data 421 representing the image taken with the pen 405 to the card company server in order to register the image taken with the favorite pen 405 as the authentication image. Sending to 110.

Further, when receiving authentication by the second authentication method, the user 402 registers, for example, terminal identification information of the user terminal 120 in the card company server 110 in advance. The terminal identification information is information that identifies the user terminal 120 , that is, information that identifies the user 402 using the user terminal 120 . The terminal identification information is information indicating the telephone number or mail address of the user terminal 120, or the serial number of the user terminal 120, or the like. Further, the terminal identification information may be information indicating the MAC address of the user terminal 120, information indicating an ID assigned to a card member application installed in the user terminal 120, or the like. For example, the user 402 can register the terminal identification information in the card company server 110 by using the service for card members after being authenticated by the above-described first authentication method in the same manner as the registration of the authentication image. . In response to this registration, the card company server 110 stores information including the terminal identification information of the user 402 as the card member information of the user 402 .

When the user 402 is to be authenticated by the second authentication method, the user 402 activates the card member application installed on the user terminal 120, and follows the instructions of the card member application to register with the card company server 110 using the camera of the user terminal 120. Shoot the same subject as the authentication image you created.

In this case, when the user terminal 120 receives a photographing instruction (for example, pressing the shutter button) from the user 402 and performs photographing, a second An authentication request is sent to the card company server 110 (see FIG. 4B(11)). In the example described here, it is assumed that the user 402 captures an image of the pen 405 in the same manner as the authentication image. In this case, user terminal 120 transmits a second authentication request including image data 422 representing an image of pen 405 to card company server 110 .

Further, the user terminal 120 performs predetermined processing on the image data obtained by the above photographing, such as rotating or deforming the image data so that the second collation unit 609, which will be described later, can easily collate the image data. good too. In this case, the details of processing by the user terminal 120 may be appropriately designated by the user, or may be preset for the card member application by the card company or the like.

Furthermore, the user terminal 120 may divide the image data obtained by the photographing described above to generate a front view, a side view, an elevation view, and the like. In addition, the user terminal 120 asks the user 402 to take multiple shots (from different angles) such as, for example, "Please take a picture of the front", "Please take a picture of the side", and "Please take a picture of the top". may be instructed to perform photographing from the camera, and a second authentication request including a plurality of image data obtained by these photographing may be transmitted.

In this way, the card issuer server 110 can register a plurality of images obtained by photographing one subject as images for authentication. It becomes possible to carry out, and it becomes possible to raise the precision of the said collation.

Also, the user terminal 120 may display an image represented by the image data obtained by the above-described photographing on the display. At the time of this display, the user terminal 120 directly displays the image represented by the image data obtained by the above-described photographing, for example. Alternatively, the image represented by the image data may be displayed on the user terminal 120 by having the card company server 110 return the image data included in the second authentication request to the user terminal 120 .

As a result, the user can check whether an expected image (imaging result) has been obtained from the image displayed on the user terminal 120, and the matching accuracy of the second matching unit 609, which will be described later, is improved. It is also possible to shoot again. Specifically, for example, when the user thinks that the captured image is dark, the user can illuminate the subject using a light provided in the user terminal 120 and then recapture the image.

In this case, the card company server 110 uses the terminal identification information included in the received second authentication request as a search key to search the storage unit 111 for card member information including the terminal identification information (see FIG. 4B (12)). ). When the card member information is retrieved, the card company server 110 acquires the authentication image data of the retrieved card member information from the storage unit 111 . Then, the card company server 110 checks whether the acquired image data for authentication and the image represented by the image data 422 of the second authentication request are images of the same subject (FIG. 4B (13 )reference). An example of this matching method will be described later.

In the example of FIG. 4B, the image represented by the image data for authentication and the image represented by the image data 422 of the second authentication request are obtained by photographing with the same pen 405. Therefore, the card company server 110 performs verification. As a result, it is determined that they are the same subject.

If the card company server 110 determines that the same subject has been photographed in this way, the card company server 110 transmits to the user terminal 120 authentication success information that enables the user 402 to use services for card members (FIG. 4B ( 14)). This enables the user 402 to use services for card members.

On the other hand, if the card member information is not retrieved in FIG. 4B(12), or if it is determined that the same subject is not photographed in FIG. Instead, for example, authentication failure information indicating that authentication has failed is transmitted to the user terminal 120 . In this case, if the user 402 wants to use the service for card members, he/she needs to be authenticated again by the second authentication method or be authenticated by another authentication method.

As described above, according to the second authentication method, the user 402 uses the user terminal 120 to photograph the same subject as the authentication image preset by the user 402 in the card company server 110, and obtains the image data. is sent to the card company server 110, it becomes possible to use services for card members. That is, the user 402 uses his or her favorite image as a password instead of a string of characters such as alphabets and numbers that are difficult to remember and easy to forget, and receives authentication by the second authentication method to use services for card members. becomes possible.

As a result, the card company server 110 can facilitate the use of the card member service by the user 402 and promote the use of the card member service by the user 402 . Therefore, the card company 401 can improve the convenience of the user 402 through the service for card members and improve the customer satisfaction of the user 402 with respect to the card company 401 .

Further, for example, when an image obtained by photographing a mass-produced product is used as an image for authentication, there is a possibility that the strength of authentication by the second authentication method is lower than the strength of authentication by the first authentication method. Therefore, as described above, the registration of authentication images can be performed only when the service for card members is used after being authenticated by the first authentication method, which is considered to be stronger than authentication by the second authentication method. may

Further, in the above example, the user 402 shoots the same subject as the authentication image when using the second authentication method, but the present invention is not limited to this. For example, the user terminal 120 stores the image data 421 of the authentication image, and allows the user 402 to select the image data 421 from the stored image data list when using the second authentication method. can be In this case, user terminal 120 transmits a second authentication request including image data 421 of the image selected by user 402 to card company server 110 . In this way, even when the same subject as the authentication image cannot be photographed, the user 402 can be authenticated by the second authentication method and use the service for card members.

(Third authentication method)
Next, the third authentication method will be explained. FIG. 4C is a diagram showing an example of a third authentication method performed by the card company server of this embodiment. In FIG. 4C, parts similar to those in FIGS. 4A and 4B are denoted by the same reference numerals, and descriptions thereof are omitted.

As with the second authentication method, the third authentication method is also an authentication method that uses an authentication image that the user 402 presets for the card company server 110 . That is, when receiving the third authentication method, the user 402 registers a desired image in the card company server 110 in advance as an authentication image. Further, when receiving authentication by the third authentication method, the user 402 registers, for example, terminal identification information of the user terminal 120 in the card company server 110 in advance.

Then, when the user 402 is to be authenticated by the third authentication method, the user 402 activates the card member application installed in the user terminal 120 and performs an operation for being authenticated by the third authentication method. Upon accepting this operation, the user terminal 120 transmits to the card company server 110 a third authentication request including the terminal specifying information and indicating that the user is to be authenticated by the third authentication method (see FIG. 4C(21)).

The card company server 110 uses the terminal identification information included in the received third authentication request as a search key to search the storage unit 111 for card member information including the terminal identification information (see FIG. 4C(22)). When the card member information is retrieved, the card company server 110 acquires the authentication image data of the retrieved card member information from the storage unit 111 (see FIG. 4C(23)). Also, the card company server 110 acquires dummy image data different from the acquired authentication image data (see FIG. 4C (24)).

The dummy image data may be anything as long as it represents an image different from the acquired image data for authentication. The card company server 110 may, for example, acquire dummy image data pre-stored in the storage unit 111 by an employee of the card company 401, or may acquire dummy image data via the network 130. good too.

Then, the card company server 110 transmits third authentication data including the acquired authentication image data and dummy image data to the user terminal 120 (see FIG. 4C(25)). In the example described here, the third authentication data including image data 421 representing the pen 405 as the authentication image data, image data 431 representing the mug cup as dummy image data, image data 432 representing the key, etc. is sent to the user terminal 120. assumed to have been sent.

The user terminal 120 displays images represented by the authentication image data and the dummy image data based on the received third authentication data, and receives an operation from the user 402 to select one of the displayed images. . In the example described here, the user 402 accepts an operation of selecting one of the images such as the image data 421 , the image data 431 and the image data 432 .

Then, when any image is selected by the user 402, the user terminal 120 transmits selected image information indicating the selected image to the card company server 110 (see FIG. 4C(26)). In the example described here, since the image represented by the image data 421, that is, the image of the pen 405 has been selected by the user 402, the selected image information indicating that the image represented by the image data 421 has been selected is transmitted to the card company server 110. shall be

The card company server 110 determines whether or not the authentication image has been selected by the user 402 based on the received selected image information (see (27) in FIG. 4C). In the example described here, since the image represented by the image data 421 has been selected, the card company server 110 determines that the authentication image has been selected.

When determining that the authentication image has been selected in this way, the card company server 110 transmits to the user terminal 120 authentication success information that enables the user 402 to use services for card members ((28) in FIG. 4C). reference). This enables the user 402 to use services for card members.

On the other hand, if the card member information is not retrieved in FIG. 4C(22), or if it is determined that the authentication image has not been selected in FIG. Instead, for example, authentication failure information indicating that authentication has failed is transmitted to the user terminal 120 . In this case, if the user 402 wants to use the service for card members, he/she needs to be authenticated again by the third authentication method or be authenticated by another authentication method.

As described above, according to the third authentication method, the user 402 selects the authentication image preset for the card company server 110 from among the images displayed based on the third authentication data. By doing so, it becomes possible to use services for card members. That is, the user 402, for example, uses his or her favorite image instead of a string of characters such as alphabets and numbers that are difficult to remember and easy to forget, and receives authentication by the third authentication method to use services for card members. becomes possible.

As a result, the card company server 110 can facilitate the use of the card member service by the user 402 and promote the use of the card member service by the user 402 . Therefore, the card company 401 can improve the convenience of the user 402 through the service for card members and improve the customer satisfaction of the user 402 with respect to the card company 401 .

Further, according to the third authentication method, for example, even when the user 402 is in a situation where it is not possible to take an image using the user terminal 120 (for example, in a dark environment), the third authentication method can be used. It is possible to use services for card members after receiving authentication by.

In this embodiment, an example in which card company server 110 can perform authentication by any of the first to third authentication methods will be described, but the present invention is not limited to this. The card company server 110 may perform only authentication by at least one of the first to third authentication methods.

Further, the card company server 110 may be configured to perform authentication by other authentication methods in addition to authentication by the first to third authentication methods. As another authentication method, for example, an authentication method (hereinafter referred to as “fourth authentication method”) that asks the user where the authentication image was taken is conceivable.

When adopting the fourth authentication method, the user terminal 120 includes a location information acquisition unit that acquires location information of its own terminal. The position information acquisition unit is, for example, a GPS (Global Positioning System) unit. In this case, when the user terminal 120 takes a picture in response to an operation from the user, it generates image data including position information of its own terminal at that time. Then, the user terminal 120 transmits the image data selected by the user and including the positional information to the card company server 110, so that the card company server 110 uses the image data as user authentication image data. be memorized.

In this case, when the card company server 110 receives the fourth authentication request requesting authentication by the fourth authentication method from the user terminal 120, the image represented by the authentication image data and the message "What prefecture was this taken in?" Is it?” is transmitted to the user terminal 120. Then, the card company server 110 receives the information indicating the location input by the user from the user terminal 120, compares the received information indicating the location with the location information of the authentication image data, and confirms that they are the same location. If so, the authentication success information is sent to the user terminal 120 to enable the user to use card member services.

In addition, the card company server 110 may perform authentication (hereinafter referred to as "fifth authentication") using an authentication image, a question registered by the user, and an answer to the question. In this case, the user terminal 120 sends information indicating the question received from the user (for example, "Who did you get this from?" and the answer (for example, "Mother") to the card company server 110 along with the authentication image data. The card company server 110 stores them in association with each other.

In this case, when the card company server 110 receives the fifth authentication request requesting authentication by the fifth authentication method from the user terminal 120, the image represented by the authentication image data and the question registered by the user are displayed. The fifth authentication data to allow the authentication is transmitted to the user terminal 120 . Then, the card company server 110 receives the information indicating the answer input by the user from the user terminal 120, and compares the received information indicating the answer with the information indicating the answer linked with the authentication image data. , and these indicate the same content, the authentication success information is transmitted to the user terminal 120 so that the user can use the service for card members.

Even if authentication is performed by such other authentication methods, the user can, for example, use words recalled from his or her favorite images, instead of a list of characters such as alphabets and numbers that are difficult to remember and easy to forget. can be authenticated instead of a password to use services for card members. Therefore, the card company server 110 can facilitate the use of the card member service by the user 402 and promote the use of the card member service by the user 402 .

(Example of information stored in storage unit 111)
Next, an example of information stored in the storage unit 111 will be described. FIG. 5 is a diagram showing an example of a card member information DB according to this embodiment. Storage unit 111 stores, for example, card member information DB 500 shown in FIG. The card member information DB 500 stores card member information in which, for example, card number, expiration date, name, contact information, terminal identification information, identification data, authentication image data, user ID and password are associated with each other.

In the card member information, the card number indicates the card number of the credit card issued by the card company. The card number is an example of user identification information according to the present invention, as described above. In the card member information, the name indicates the name of the card member who owns the credit card of each card number, for example, the name in Japanese and the name in Roman letters. In the card member information, the expiration date indicates the expiration date of the credit card of each card number.

In the card member information, the contact information indicates the contact information of the card member who owns the credit card of each card number, such as the telephone number and e-mail address of the user terminal 120 used by each card member. In the card member information, the terminal identification information is information that identifies the user terminal 120 used by the card member who owns the credit card of each card number. or MAC address.

In addition, as described above, the terminal identification information is another example of user identification information according to the present invention. may be User identification information (e.g., card number) and identification information (terminal identification information, e.g., serial number or MAC address) of a terminal equipped with an imaging device are associated and stored in advance, so that the card company server 110 can , the identification information of the user (that is, the user) can be specified from the identification information of the terminal. Alternatively, the telephone number or mail address of the user terminal 120 may be used as the terminal identification information.

Further, in the card member information, the identification data indicates the identification data regarding the identification of the card member who owns the credit card of each card number. The identification card data is, for example, image data of an identification card image representing an identification card. Further, the identification data may be information indicating the result of image analysis of the identification card image (for example, information indicating feature points of the identification card image).

Further, in the card member information, the authentication image data indicates the authentication image data related to the authentication image registered by the card member who owns the credit card of each card number. The authentication image data is, for example, image data representing an authentication image. Further, the authentication image data may be information indicating an image analysis result of image analysis of the authentication image (for example, information indicating feature points of the authentication image).

Also, in the card member information, the user ID is a user ID for card member service of the card member who owns the credit card of each card number. In the card member information, the password is the password for card member service of the card member who owns the credit card of each card number.

The card number, expiration date, name, contact information, identification data, user ID and password in the card member information are stored in the card member information DB 500 by an employee of the credit card company when the credit card is issued, for example. be done. In addition, the terminal identification information and identification data in the card member information are stored in the card member information DB 500 by the card member who uses the service for card members. In addition, the card member can change the contact address, authentication image data, user ID and password in his/her own card member information as appropriate, for example, by using the service for card members.

In addition to the information shown in the figure, card member information includes information indicating the card member's address, income, place of work, available amount, credit card usage details, etc. You may allow

(Example of functional configuration of card company server 110)
Next, an example of the functional configuration of the card company server 110 will be described. FIG. 6 is a block diagram showing an example of the functional configuration of the card company server according to this embodiment. First, the functional units of the card issuer server 110 when performing authentication by the first authentication method will be described. When authentication is performed by the first authentication method, the card company server 110 includes, for example, a reception unit 600, an authentication request acquisition unit 601, an image analysis unit 602, a determination unit 603, a card information acquisition unit 604, a search unit 605, A first collation unit 606 and an output control unit 607 are provided.

The reception unit 600 receives various information transmitted from the user terminal 120 or the like to the card company server 110 . Accepting unit 600 outputs the accepted information to authentication request acquiring unit 601 . The reception unit 600 is realized by, for example, the communication IF 203 shown in FIG. The receiving unit 600 is an example of receiving means according to the present invention.

Authentication request acquisition unit 601 acquires an authentication request including image data from the information received from reception unit 600 , and outputs the acquired image data of the authentication request to image analysis unit 602 . The authentication request acquisition unit 601 is implemented, for example, by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

The image analysis unit 602 analyzes the image represented by the image data input from the authentication request acquisition unit 601, and extracts a credit card image representing a credit card issued by a credit card company and a predetermined type of identification from the image. Detect an identification card image representing a certificate (eg, a driver's license).

For example, an employee of a credit card company registers in the image analysis unit 602 in advance a pattern that serves as a condition for detection as a credit card image. In this way, the image analysis unit 602 compares the registered pattern with the image represented by the input image data to determine whether the credit card image is included in the image represented by the input image data. If so, we can detect that credit card image.

Similarly, the employee of the credit card company preliminarily registers in the image analysis unit 602 a pattern that serves as a condition for detection as an identification card image (for example, a pattern that serves as a condition for detection as an image of a driver's license). In this way, the image analysis unit 602 compares the registered pattern with the image represented by the input image data to determine whether the image represented by the input image data includes the identification card image. If so, the ID image can be detected.

The image analysis unit 602 outputs the image analysis result to the determination unit 603 . The image analysis unit 602 outputs, for example, information indicating whether or not a credit card image is detected and whether or not an identification card image is detected as a result of image analysis of the input image data to the determination unit 603. . The image analysis unit 602 is implemented by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example.

Based on the image analysis result input from the image analysis unit 602, the determination unit 603 determines whether the image represented by the image data of the authentication request includes a credit card image and an identification card image. For example, when information indicating that a credit card image has been detected is received from the image analysis unit 602, the determination unit 603 determines that the image represented by the image data of the authentication request includes a credit card image. Conversely, when receiving information indicating that the credit card image has not been detected from the image analysis unit 602, the determination unit 603 determines that the credit card image is not included in the image represented by the image data of the authentication request. do.

Similarly, for example, when the determination unit 603 receives information indicating that an identification card image has been detected from the image analysis unit 602, the identification card image is included in the image represented by the image data of the authentication request. determine that there is Conversely, if the determination unit 603 receives information indicating that the identification card image has not been detected from the image analysis unit 602, the identification card image is not included in the image represented by the image data of the authentication request. I judge.

If the determination unit 603 determines that the image represented by the image data of the authentication request includes both the credit card image and the identification card image, the determination unit 603 instructs the image analysis unit 602 to convert the detected credit card image into card information. The acquisition unit 604 is instructed to input. The determination unit 603 is realized by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example. The determination unit 603 is an example of determination means according to the present invention.

The image analysis unit 602 inputs the detected credit card image to the card information acquisition unit 604 according to the instruction received from the determination unit 603 . At this time, the image analysis unit 602, for example, trims the detected credit card image portion from the image represented by the image data input to the image analysis unit 602, and transfers only the credit card image to the card information acquisition unit 604. to enter. In this way, the image handled by the card information acquisition unit 604 can be made smaller, so the processing load on the card information acquisition unit 604 can be reduced.

Based on the credit card image input from the image analysis unit 602, the card information acquisition unit 604 acquires the card number written on the credit card represented by the credit card image. For example, an employee of a credit card company registers in the card information acquisition unit 604 in advance information indicating an area (portion) to be read as a card number from a credit card image. Then, the card information acquisition unit 604 reads the character string written in the registered area of the input credit card image as the card number. Any known character recognition technology may be used for character recognition.

The card information acquisition unit 604 may also read the expiration date in addition to the card number from the credit card image. In this case as well, for example, the employee of the credit card company preliminarily registers in the card information acquisition unit 604 information indicating the area to be read as the expiration date from the credit card image. Then, the card information acquisition unit 604 may read the character string written in the registered area of the input credit card image as the expiration date. Similarly, the card information acquisition unit 604 may also read the name from the credit card image.

Card information acquisition section 604 outputs information indicating the acquired card number to search section 605 . If the card information acquisition unit 604 reads and acquires the expiration date from the credit card image, the card information acquisition unit 604 also outputs information indicating the acquired expiration date to the search unit 605 . Similarly, when the card information acquiring unit 604 reads and acquires the name from the credit card image, it also outputs information indicating the acquired name to the searching unit 605 . The card information acquisition unit 604 is implemented by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example. The card information acquisition unit 604 is an example of acquisition means according to the present invention.

The search unit 605 searches the card member information DB 500 for card member information including the received card number using the card number received from the card information acquisition unit 604 as a search key. Further, when the expiration date is received in addition to the card number from the card information acquisition unit 604, the search unit 605 searches for card member information including the received card number and the expiration date. Similarly, when the name is also received from the card information acquisition unit 604, the search unit 605 searches for card member information that further includes the received name.

When the card member information is retrieved, retrieval section 605 outputs the retrieved card member information to first verification section 606 . Further, when the card member information is retrieved, the retrieval unit 605 instructs the image analysis unit 602 to input the detected identification image to the first verification unit 606 . The search unit 605 is realized by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example.

Image analysis unit 602 inputs the detected identification card image to first collation unit 606 according to the instruction received from search unit 605 . At this time, the image analysis unit 602, for example, trims the portion of the detected identification card image from the image represented by the image data input to the image analysis unit 602, and extracts only the identification card image from the first verification unit. input to 606. In this way, the image handled by the first verification unit 606 can be made smaller, so the processing load of the first verification unit 606 can be reduced.

The first verification unit 606 acquires the identification card data from the card member information received from the search unit 605 and also acquires the identification card image input from the image analysis unit 602 . Then, the first collation unit 606 collates the acquired identification card data with the inputted identification card image. As a result, the first verification unit 606 determines whether or not the identification indicated by the obtained identification card data and the identification indicated by the inputted identification card image are the same identification.

The first matching unit 606, for example, first detects feature points of the input identification card image. Then, the first matching unit 606 compares the detected feature points of the identification card image with the feature points indicated by the acquired identification card data, and determines whether the difference between them is smaller than a preset threshold. judge. If the difference in the feature points is less than the threshold, the first matching unit 606 determines that the identification card indicated by the acquired identification card data and the identification card indicated by the input identification card image are the same identification card. Determine that there is. Conversely, if the difference in feature points is equal to or greater than the threshold, the first matching unit 606 determines that the identification card indicated by the acquired identification card data and the identification card indicated by the input identification card image are the same identification. It is determined that it is not a certificate.

Here, an example has been described in which the first verification unit 606 performs processing for detecting feature points of an identification card image, but the present invention is not limited to this. For example, the image analysis unit 602 may perform processing for detecting feature points of the identification card image and output the processing result to the first verification unit 606 .

In addition, the first verification unit 606 further confirms the shooting date and time (for example, time stamp) of the image data of the first authentication request at the time of the above-mentioned matching. is within a predetermined range (for example, within one day). In this case, the first collation unit 606 outputs information indicating that the collation was successful when it is determined by this determination that the range is within the predetermined range.

In this way, the card company server 110 confirms whether or not the credit card and identification card, which are subjects in the image represented by the image data of the first authentication request, are in the hands of the user, and there is a high possibility that they are in the possession of the user. (i.e. the user is likely to be the legitimate owner of the credit card and ID card), authentication by the first authentication method can be successful.

First collation unit 606 outputs the collation result to output control unit 607 . For example, if the first verification unit 606 determines that the identification card indicated by the acquired identification card data and the identification card indicated by the input identification card image are the same identification card, to the output control unit 607 . Also, in this case, the first collation unit 606 instructs the search unit 605 to input the searched card member information to the output control unit 607, for example. Search unit 605 inputs the searched card member information to output control unit 607 according to the instruction received from first collation unit 606 . The first collation unit 606 is realized by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example. The search unit 605 and the first collation unit 606 are examples of collation means according to the present invention.

Based on the verification result received from first verification section 606 , output control section 607 outputs authentication success information that enables the user who requested authentication to use services for card members. For example, when the output control unit 607 receives from the first verification unit 606 a verification result indicating that the identification card indicated by the identification card data and the identification card represented by the identification card image are the same identification card. , output authentication success information. The output destination of the authentication success information is, for example, the card member's contact information indicated by the card member information input from the search unit 605, that is, the user terminal 120 used by the user who transmitted the authentication request.

Moreover, in the present embodiment, the card company server 110 is also responsible for providing services for card members, but the present invention is not limited to this. For example, if the card member web page is provided on a server other than the card issuer server 110, that server is responsible for providing card member services. In this case, the output control unit 607 may output authentication success information to a server provided with a web page for card members. In this case, the destination of the server to which the authentication success information is to be output is preset for the card company server 110 by, for example, an employee of the card company. The output control unit 607 is implemented by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 or by the communication IF 203, for example.

Next, the functional units of the card issuer server 110 when performing authentication by the second authentication method will be described. In the following, descriptions of the same portions as those in the case of performing authentication by the first authentication method will be omitted as appropriate. When authentication is performed by the second authentication method, the card company server 110 includes, for example, a reception unit 600, an authentication request acquisition unit 601, an image analysis unit 602, a search unit 605, an output control unit 607, and a terminal identification information acquisition unit. 608 and a second collation unit 609 .

When authentication is performed by the second authentication method, the authentication request acquisition unit 601 acquires an authentication request including image data and terminal identification information from the information received from the reception unit 600, The image data is output to the image analysis unit 602 , and the acquired terminal identification information is input to the terminal identification information acquisition unit 608 .

The image analysis unit 602 performs image analysis of the image represented by the image data input from the authentication request acquisition unit 601, and detects, for example, a matching target image used for matching by the second matching unit 609 from the image. The matching target image is an image representing the main subject among the images represented by the input image data. The image representing the main subject is, for example, the image of the central portion (area within a predetermined range from the center) of the image represented by the input image data. Also, the image representing the main subject may be an image having a contour that is estimated to occupy the largest proportion in the image as a result of contour detection of the image represented by the input image data. The image analysis section 602 outputs the image analysis result to the second matching section 609 .

Terminal identification information acquisition section 608 acquires the terminal identification information input from authentication request acquisition section 601 and outputs the acquired terminal identification information to search section 605 . The terminal identification information acquisition unit 608 is implemented, for example, by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

The search unit 605 searches the card member information DB 500 for card member information including the terminal specific information received from the terminal specific information acquisition unit 608 using the terminal specific information received from the terminal specific information acquisition unit 608 as a search key. When the card member information is retrieved, retrieval section 605 outputs the retrieved card member information to second verification section 609 . Further, when the card member information is retrieved, the retrieval unit 605 instructs the image analysis unit 602 to input the detected matching target image to the second matching unit 609 .

A second collation unit 609 acquires authentication image data from the card member information received from the search unit 605 and acquires an image to be collated input from the image analysis unit 602 . Then, the second collation unit 609 collates the authentication image represented by the acquired authentication image data with the input image to be matched. Thereby, the second matching unit 609 determines whether or not the subject represented by the acquired authentication image data is the same as the subject represented by the input matching target image.

As with the first matching unit 606, the second matching unit 609, for example, first detects feature points of the input image to be matched. Then, the second verification unit 609 compares the detected feature points of the verification target image with the feature points indicated by the acquired authentication image data, and determines whether or not the difference between them is smaller than a preset threshold value. judge. If the difference between the feature points is less than the threshold, the second matching unit 609 determines that the subject represented by the acquired authentication image data and the subject represented by the input matching target image are the same. Conversely, if the difference in feature points is equal to or greater than the threshold, the second matching unit 609 determines that the subject represented by the acquired authentication image data is different from the subject represented by the input matching target image.

In addition, the second verification unit 609 further confirms the shooting date and time (for example, time stamp) of the image data of the second authentication request at the time of the above-mentioned checking. is within a predetermined range (for example, within one week). In this case, the second collation unit 609 outputs information indicating that the collation is successful when it is determined by this determination that the range is within the predetermined range.

In this way, the card company server 110 determines whether the subject in the image represented by the image data of the second authentication request (that is, the same subject in the authentication image) is at the user's hand. is confirmed, and if that possibility is high (that is, there is a high possibility that the user is the legitimate owner of the object that is the subject in the authentication image), authentication by the second authentication method can be successful. .

Second collation unit 609 outputs the collation result to output control unit 607 . For example, when the second matching unit 609 determines that the subject represented by the obtained authentication image data and the subject represented by the input matching target image are the same, the second matching unit 609 outputs information indicating that fact. output to 607; Also, in this case, the second collation unit 609 instructs the search unit 605 to input the searched card member information to the output control unit 607, for example. Search unit 605 inputs the searched card member information to output control unit 607 according to the instruction received from second collation unit 609 . The second collation unit 609 is implemented by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example. The search unit 605 and the second collation unit 609 are another example of collation means according to the present invention.

Based on the collation result received from the second collation unit 609, the output control unit 607 outputs authentication success information that enables a user who wishes to use the card member service to use the card member service. The output control unit 607 outputs authentication success information, for example, when receiving from the second verification unit 609 a verification result indicating that the object represented by the authentication image data and the object represented by the verification target image are the same. do. The output destination of the authentication success information is, for example, the card member's contact information indicated by the card member information input from the search unit 605, that is, the user terminal 120 used by the user who transmitted the authentication request.

In addition, when authentication is performed by the second authentication method, the authentication request acquisition unit 601 receives information input from the user terminal 120 or the like to the card company server 110, and the user who wishes to use the service for card members designates An authentication request may be obtained that further includes information indicating the assigned category. In this case, the user terminal 120 displays a category selection screen 900 upon transmission of the authentication request, for example, as shown in FIG. 9, and accepts category selection from the user. User terminal 120 then transmits an authentication request including information indicating the category selected by the user to card company server 110 . This allows the authentication request acquisition unit 601 to acquire an authentication request including information indicating the category.

When the authentication request acquisition unit 601 acquires an authentication request including the information indicating the category, the authentication request acquisition unit 601 outputs the acquired information indicating the category to the image analysis unit 602 . In this case, the image analysis unit 602 performs image analysis of the image represented by the input image data based on the information indicating the input category.

Specifically, the image analysis unit 602 detects the image of the input category from the image represented by the input image data. For example, an employee of a credit card company registers in the image analysis unit 602 in advance a pattern to be detected as an image of the category for each category prepared in advance. For example, in the case of the category "writing instruments", the employee of the card company pre-registers in the image analysis unit 602 patterns for detecting images of pencils, pens, fountain pens, etc. as images of the category "writing instruments".

As a result, the image analysis unit 602 compares the pattern registered for the specified category with the image represented by the input image data, and the image represented by the input image data is specified. If an image of the category is included, the image can be detected. Then, the image analysis unit 602 outputs the image of the category thus detected to the second matching unit 609 as a matching target image.

In this way, the user can be authenticated by the second authentication method using an image representing the subject intended by the user. Therefore, it is possible to increase the possibility that a user who knows the authentication image will be successfully authenticated by the second authentication method, thereby improving convenience for the user. Moreover, in this way, the image analysis unit 602 only needs to perform image analysis within the range of the designated category, so the processing load on the card issuer server 110 can be reduced.

In addition, as described above, when a plurality of images obtained by photographing one subject are registered in the card company server 110 as images for authentication, the card company server 110 receives the registered plurality of images or the corresponding image. Information obtained by image analysis of a plurality of images (for example, information indicating feature points of each image) may be used to match authentication images.

Further, the card company server 110 may further include an authentication image registration request acquisition unit and an authentication image registration unit (not shown) when performing authentication by the second authentication method. In this case, the reception unit 600 outputs the information received from the user terminal 120 or the like to the authentication image registration request acquisition unit. The authentication image registration request acquisition unit acquires the authentication image registration request including the image data and the terminal specific information from the information received from the reception unit 600, and sends the acquired authentication image registration request to the authentication image registration unit. Output. The authentication image registration request acquisition unit is realized, for example, by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

The authentication image registration unit registers the authentication image data in the card member information DB 500 based on the authentication image registration request received from the authentication image registration request acquisition unit. The authentication image registration unit uses, for example, the terminal identification information of the authentication image registration request received from the authentication image registration request acquisition unit as a search key, and searches the card member information DB 500 for card member information including this terminal identification information. do.

When the card member information is retrieved, the authentication image registration unit registers the image data of the authentication image registration request received from the authentication image registration request acquisition unit as the authentication image data of the retrieved card member information. . Further, the authentication image registration unit stores information indicating the image analysis result obtained by image analysis of the image data of the authentication image registration request received from the authentication image registration request acquisition unit as the retrieved card member information. You may register as image data for authentication. The authentication image registration unit is implemented, for example, by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

Further, the card company server 110 may further include a card usage information acquisition section 621 and an authentication image registration guide section 622 when authentication is performed by the second authentication method. In this case, the reception unit 600 also receives information transmitted to the card company server 110 from a shop terminal (for example, a credit inquiry terminal such as a CAT terminal) of a shop that accepts card payments (a so-called "member shop"). Accepting unit 600 then outputs the accepted information to card usage information acquiring unit 621 .

The card usage information acquisition unit 621 acquires information regarding card payment from the information received from the reception unit 600 . The information related to card payment is, for example, information including card information (for example, card number) of the credit card used for card payment. Information related to card payment may also include information indicating the store where the card payment was made. The card usage information acquisition unit 621 outputs the acquired card usage information to the authentication image registration guidance unit 622 . The card usage information acquisition unit 621 is realized by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example.

The authentication image registration guidance section 622 generates authentication image registration guidance information for guiding the registration of the authentication image based on the information regarding the card payment received from the card usage information acquisition section 621 . The authentication image registration guide information is information including, for example, a message such as "Would you like to register an image of a product purchased by card payment as an authentication image?" In addition, if the information on card payment includes information indicating a store, the authentication image registration guidance unit 622, based on the information indicating the store, for example, reads, "The purchase of goods purchased at XX store by card payment. Would you like to register the image as an authentication image?” may be generated.

After generating the authentication image registration guidance information, the authentication image registration guidance section 622 sends the generated authentication image registration guidance information and the card information related to the accepted card payment together to the output control section 607. Output. The authentication image registration guidance unit 622 is implemented by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example.

The output control unit 607 outputs the card information received from the authentication image registration guidance unit 622 to the search unit 605, and inquires of the search unit 605 about the card member information corresponding to this card information. In response to this inquiry, the search unit 605 searches the card member information DB 500 for card member information corresponding to the card information received from the output control unit 607, and when the card information is found, controls the output of the card member information. Output to unit 607 . Then, the output control unit 607 transmits the authentication image registration guide information received from the authentication image registration guide unit 622 to the contact address of the retrieved card member information. As a result, the card company server 110 can transmit the authentication image registration guidance information to the card member who purchased the product by card settlement, and can prompt the registration (update) of the authentication image.

By registering the authentication image according to the authentication image registration guide information, the user can register the image of the product recently purchased with the credit card as the authentication image. Therefore, the user can be authenticated by the second authentication method using an authentication image that is easy for the user to remember, such as an image of a product recently purchased with a credit card. Further, by registering the authentication image according to the authentication image registration guidance information, the user can periodically update his or her own authentication image (each time a card payment is made). It is possible to prevent authentication from being performed using an authentication image leaked to a third party.

Next, the functional units of the card issuer server 110 when performing authentication by the third authentication method will be described. In the following, descriptions of the same portions as those in the case of performing the authentication by the first authentication method and the authentication by the second authentication method will be omitted as appropriate. When authentication is performed by the third authentication method, the card company server 110 includes, for example, a reception unit 600, a search unit 605, an output control unit 607, a terminal identification information acquisition unit 608, a third authentication request acquisition unit 610, an authentication It has a reference image inquiry unit 611 and a selected image information acquisition unit 612 .

When authentication is performed by the third authentication method, the reception unit 600 receives information transmitted from the user terminal 120 or the like to the card company server 110, and receives the information as the third authentication request acquisition unit 610 and the selected image information. Output to acquisition unit 612 . Third authentication request acquisition section 610 acquires the third authentication request including the terminal identification information from the information received from reception section 600 , and transmits the acquired terminal identification information of the third authentication request to terminal identification information acquisition section 608 . input. The third authentication request acquisition unit 610 is implemented, for example, by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

Terminal identification information acquisition section 608 acquires the terminal identification information input from third authentication request acquisition section 610 and outputs the acquired terminal identification information to search section 605 . The search unit 605 searches the card member information DB 500 for card member information including the terminal specific information received from the terminal specific information acquisition unit 608 using the terminal specific information received from the terminal specific information acquisition unit 608 as a search key. When card member information is retrieved, retrieval unit 605 outputs the retrieved card member information to authentication image query unit 611 .

The authentication image inquiry unit 611 acquires authentication image data from the card member information received from the search unit 605 . Also, the authentication image inquiry unit 611 acquires arbitrary dummy image data from the dummy image data stored in the memory 202 . For example, a large number of dummy image data are stored in advance in the memory 202, and the authentication image inquiry unit 611 acquires a plurality of dummy image data from among them. As the number of dummy image data acquired by the authentication image inquiry unit 611 is increased, the strength of authentication by the third authentication method can be increased.

Then, the authentication image inquiry unit 611 generates third authentication data including the acquired authentication image data and dummy image data. The authentication image inquiry unit 611 determines, for example, the display order of the images represented by the acquired authentication image data and the dummy image data (for example, which image corresponds to each of the image selection buttons 1201 in FIG. 12). , authentication image data, dummy image data, and third authentication data including information indicating the display order of images represented by these data.

Further, the authentication image reference unit 611 stores the generated third authentication data in the memory 202 in association with the card member information received from the search unit 605, for example. As a result, the generated third authentication data and the selected image information received from the selected image information acquisition unit 612, which will be described later, can be linked by any information (for example, terminal specific information) included in the card member information. can.

The authentication image reference unit 611 also outputs the generated third authentication data to the output control unit 607 . Further, in this case, the authentication image inquiry unit 611 instructs the search unit 605 to input the searched card member information to the output control unit 607, for example. Search unit 605 inputs the searched card member information to output control unit 607 according to the instruction received from authentication image reference unit 611 . The authentication image inquiry unit 611 is implemented by the CPU 201 shown in FIG. 2 executing a program stored in the memory 202 .

The output control unit 607 outputs the third authentication data received from the authentication image inquiry unit 611 to the terminal of the user who wishes to use the service for card members. The output destination of the third authentication data is, for example, the card member's contact information indicated by the card member information input from the search unit 605, that is, the user terminal 120 used by the user who sent the third authentication request.

The selected image information obtaining unit 612 obtains selected image information indicating the image selected by the user from the information received from the receiving unit 600 and inputs the obtained selected image information to the authentication image query unit 611 . . The selected image information also includes, for example, terminal identification information of the user terminal 120 that is the transmission source. The selected image information acquisition unit 612 is realized by executing a program stored in the memory 202 by the CPU 201 shown in FIG. 2, for example.

For example, based on the terminal identification information of the selected image information received from the selected image information acquisition unit 612, the authentication image inquiry unit 611 reads the third authentication data stored in the memory 202 in association with the terminal identification information. . Then, the authentication image inquiry unit 611 determines whether or not an authentication image has been selected based on the read authentication image data of the third authentication data and the received selected image information.

Specifically, for example, it is assumed that the information indicating the display order of each image of the read third authentication data indicates that the display order of the authentication image is second. In this case, if the received selected image information indicates that the second image has been selected (for example, the image selection button 1201b described later has been pressed), the authentication image inquiry unit 611 is selected.

On the other hand, if the received selected image information indicates that an image other than the second image has been selected, the authentication image inquiry unit 611 determines that the authentication image has not been selected. The authentication image inquiry unit 611 then outputs the determination result (inquiry result) to the output control unit 607 . At this time, the authentication image inquiry unit 611 also outputs the card member information stored in the memory 202 in association with the third authentication data to the output control unit 607, for example.

The output control unit 607 outputs authentication success information that enables a user who wishes to use the card member service to use the card member service based on the determination result received from the authentication image reference unit 611 . The output control unit 607 outputs authentication success information, for example, when it is determined that the authentication image has been selected. The output destination of the authentication success information is, for example, the card member's contact information indicated by the card member information input from the authentication image inquiry unit 611, that is, the user terminal 120 used by the user who sent the third authentication request. The reception unit 600, the search unit 605, the output control unit 607, the authentication image inquiry unit 611, and the selected image information acquisition unit 612 are examples of inquiry means according to the present invention.

Also, when performing authentication by the third authentication method, the card issuer server 110, similarly to the case of performing authentication by the second authentication method, uses the authentication image registration request acquisition unit, the authentication image registration unit, and the card usage information acquisition unit. A unit 621, an authentication image registration guidance unit 622, and the like may be provided.

In addition, in the present embodiment, card company server 110 performs authentication by any of the first to third authentication methods. Only authentication by one authentication method may be performed.

For example, when only authentication by the first authentication method is performed, the card issuer server 110 does not need to include functional units other than the functional units described in the example of performing authentication by the first authentication method. . Similarly, when only authentication by the second authentication method is performed, the card issuer server 110 does not need to include functional units other than the functional units described in the example of performing authentication by the second authentication method. good. Further, when only authentication by the third authentication method is performed, the card issuer server 110 does not need to include functional units other than the functional units described in the example of performing authentication by the third authentication method. .

(Example of start screen displayed by user terminal 120)
Next, a display example of the user terminal 120 will be described. FIG. 7 is a diagram showing an example of the start screen displayed by the user terminal according to the embodiment. The user terminal 120 displays a start screen 700 shown in FIG. 7, for example, when the cardholder application is started.

The start screen 700 is provided with a user ID input box 701 , a password input box 702 , a login button 703 , a first login camera button 704 and a second login camera button 705 . When the user wants to be authenticated by a user ID and password, the user operates the user terminal 120 to enter the user ID in the user ID input box 701 and the password in the password input box 702, respectively, and press the login button 703. (Tap, for example).

On the other hand, if the user wishes to be authenticated by the first authentication method, the user can press the first login camera button 704 by operating the user terminal 120 . If the user wishes to be authenticated by the second authentication method, the user can press the second login camera button 705 by operating the user terminal 120 . When the first login camera button 704 or the second login camera button 705 is pressed, the user terminal 120 activates the camera of the user terminal 120 and displays the shooting screen shown in FIG. That is, the first login camera button 704 and the second login camera button 705 are examples of activation instruction buttons for instructing activation of the imaging device of the user terminal 120, and the start screen 700 is a display provided with the activation instruction buttons. It is an example of a screen.

(Example of a shooting screen displayed by the user terminal 120)
FIG. 8 is a diagram showing an example of a shooting screen displayed by the user terminal according to the embodiment. An image being captured 801 captured by the camera of the user terminal 120 is displayed on the captured screen 800 shown in FIG. In the example shown in FIG. 8, the camera of user terminal 120 captures an image of a credit card and driver's license. Therefore, the captured image 801 is an image including a credit card image 801a representing a credit card and a driver's license image 801b representing a driver's license.

Also, on the shooting screen 800, a message (in the illustrated example, "Please take a picture of XX") is displayed to guide the user to an object to be shot. For example, when the first login camera button 704 is pressed, this message is "Please take a picture of your credit card and identification card", and when the second login camera button 705 is pressed, "You have registered." Please shoot the same subject as the authentication image."

Further, the shooting screen 800 is provided with a shutter button 802 . When the shutter button 802 is pressed, the user terminal 120 stores image data representing the image 801 being imaged at that time in the memory 302 and transmits an authentication request including the image data to the card issuer server 110 . When the user terminal 120 receives the authentication success information from the card company server 110 by transmitting the authentication request, the user terminal 120 displays the menu screen shown in FIG. On the other hand, when the user terminal 120 receives authentication failure information from the card company server 110, the authentication failure notification screen shown in FIG. 11 is displayed.

(Example of category selection screen displayed by user terminal 120)
FIG. 9 is a diagram showing an example of a category selection screen displayed by the user terminal according to this embodiment. For example, when the second login camera button 705 is pressed, the user terminal 120 displays the category selection screen 900 shown in FIG. 9 before displaying the shooting screen 800 .

A category selection screen 900 is provided with category selection buttons 901 corresponding to categories predetermined by the card company as categories of authentication images. In this embodiment, the card company prepares "person", "pet", "writing utensil", etc. as categories of authentication images. Therefore, the category selection buttons 901 include a category selection button 901a corresponding to the category "person", a category selection button 901b corresponding to the category "pets", a category selection button 901c corresponding to the category "writing instruments", and the like. ing.

Therefore, if the authentication image registered in the card company server 110 is an image of a person such as the user's own face, the user can press the category selection button 901a. Also, if the authentication image registered in the card company server 110 is an image of a pet such as a dog or cat, the user can press the category selection button 901b. Then, if the authentication image registered in the card company server 110 is an image of a writing instrument such as a fountain pen or pen, the user can press the category selection button 901c. Then, when the second login camera button 705 is pressed, the user terminal 120 transmits an authentication request including information indicating the category selected by the user on the category selection screen 900 to the card company server 110 .

(Example of menu screen displayed by user terminal 120)
FIG. 10 is a diagram showing an example of a menu screen displayed by the user terminal according to this embodiment. A menu screen 1000 shown in FIG. 10 is provided with service selection buttons 1001 corresponding to each service prepared by the card company as a service for card members. In this embodiment, the card company provides services for card members such as registration of images for authentication, inquiry of usage details, inquiry of available amount, and the like. Therefore, as the service selection buttons 1001, a service selection button 1001a corresponding to registration of an authentication image, a service selection button 1001b corresponding to inquiry of usage details, and a service selection button 1001c corresponding to inquiry of available amount are provided. It is

Therefore, when the user wants to register the authentication image, the user can press the service selection button 1001a. When the service selection button 1001a is pressed, for example, the user terminal 120 first displays the category selection screen 900 shown in FIG. 9, and receives from the user the selection of the category of the authentication image to be registered. After that, the user terminal 120 displays the photographing screen 800 shown in FIG. 8 to photograph an authentication image to be registered. Then, the user terminal 120 transmits an authentication image registration request including image data representing the selected category and the photographed image to the card company server 110 to register the authentication image data and the category.

In addition, when registering the authentication image, the user terminal 120 causes the user to take multiple shots, and transmits an authentication image registration request including multiple image data obtained by these shots to the card company server 110. You may do so. In this case, the card company server 110, for example, analyzes the image represented by each image data of the authentication image registration request, and acquires information indicating these characteristic points. Then, the card company server 110 detects the authentication image using the information indicating the characteristic points thus acquired, thereby improving the detection accuracy of the authentication image.

On the other hand, if the user wants to inquire about the usage details of his or her credit card, the user can press the service selection button 1001b. When the service selection button 1001b is pressed, the user terminal 120 accesses the user's credit card statement inquiry website provided on the card company server 110 and displays the website. Also, if the user wants to inquire about the available amount of his or her credit card, the user can press the service selection button 1001c. When the service selection button 1001c is pressed, the user terminal 120 accesses the user's credit card available credit check website provided on the card company server 110 and displays the website.

Also, for example, a button corresponding to registration of biometric authentication is provided as the service selection button 1001, and the user can use the service for card members to register biometric information such as his/her fingerprint and iris in the card company server 110. You may do so. In this case, the user terminal 120 includes, for example, a fingerprint sensor, and activates the fingerprint sensor when a button corresponding to registration of biometric authentication is pressed, and acquires user fingerprint information with the fingerprint sensor. The user terminal 120 then transmits the acquired fingerprint information to the card company server 110 . In this case, user terminal 120 activates a camera when a button corresponding to registration of biometric authentication is pressed, and transmits information indicating the user's iris photographed by the camera to card company server 110. may

By doing so, the user can register biometric information such as his or her fingerprint and iris in the card company server 110 by using the service for card members. In addition, when the user's biometric information is registered, the card company server 110 allows the user to be authenticated by the biometric information registered in the card company server 110 when the user subsequently uses services for card members. may

In this way, when the user is logged in to the service for card members (the service for card members is available), the new image can be used for the service for card members from the next time onwards. You may make it register as an authentication image for doing. In addition, at this time, biometric information such as the user's fingerprint and iris may be registered in addition to the authentication image (for example, the user's belongings).

(Example of authentication failure notification screen displayed by user terminal 120)
FIG. 11 is a diagram showing an example of an authentication failure notification screen displayed by the user terminal according to the embodiment. An authentication failure notification screen 1100 shown in FIG. 11 displays a message to the effect that authentication has failed ("Authentication failed" in the illustrated example). Also, on the authentication failure notification screen 1100, a message asking the user whether or not to accept authentication by the third authentication method (in the illustrated example, "Would you like to carry out authentication by selecting an authentication image?") is displayed. . The authentication failure notification screen 1100 includes a "Yes" button 1101 for selecting authentication by the third authentication method and a "No" button for selecting not to be authenticated by the third authentication method. 1102 are provided.

Therefore, if the user wishes to be authenticated by the third authentication method, the user can press the “Yes” button 1101 . When the “Yes” button 1101 is pressed, the user terminal 120 transmits to the card company server 110 a third authentication request indicating that the user will be authenticated by the third authentication method. When the user terminal 120 receives the third authentication data from the card company server 110 by transmitting the third authentication request, the user terminal 120 displays the authentication image selection screen shown in FIG.

On the other hand, if the user does not want to be authenticated by the third authentication method, the user can press the “No” button 1102 . The user terminal 120 does not transmit the third authentication request to the card company server 110 when the "No" button 1102 is pressed. In this case, the user terminal 120 does not display the authentication image selection screen shown in FIG.

(Example of authentication image selection screen displayed by user terminal 120)
FIG. 12 is a diagram showing an example of an authentication image selection screen displayed by the user terminal according to the present embodiment. An authentication image selection screen 1200 is provided with image selection buttons 1201 corresponding to images represented by the authentication image data and the dummy image data included in the third authentication data received by the user terminal 120 from the card company server 110 . be done.

In the example shown in FIG. 12, for example, if the user wants to select the image on the left end of the top row as the image for authentication, the user can press the image selection button 1201a of the image selection buttons 1201 . Further, for example, if the user wants to select the image in the center of the top row as the authentication image, the user can press the image selection button 1201b of the image selection buttons 1201 . Then, for example, if the user wants to select the image on the right end of the top row as the authentication image, the user can press the image selection button 1201c of the image selection buttons 1201 .

When one of the image selection buttons 1201 is pressed, the user terminal 120 transmits selected image information indicating the selected image to the card company server 110 . When the user terminal 120 receives authentication success information from the card company server 110 by transmitting the selected image information, the user terminal 120 displays the menu screen 1000 shown in FIG.

On the other hand, when the user terminal 120 receives authentication failure information from the card company server 110, the authentication failure notification screen 1100 shown in FIG. 11 is displayed. In addition, on the authentication failure notification screen 1100 in this case, while a message to the effect that authentication has failed is displayed, a message asking the user whether or not to receive authentication by the third authentication method, a "yes" button 1101, and a "no" button are displayed. button 1102 may be hidden.

(Example of processing performed by user terminal 120)
Next, an example of processing performed by the user terminal 120 will be described. FIG. 13 is a flow chart showing an example of authentication request transmission processing performed by the user terminal according to the present embodiment. For example, when the card member application is activated and the start screen 700 is displayed, the user terminal 120 performs the processing shown in FIG.

In FIG. 13, the user terminal 120 determines whether or not the first login camera button 704 has been pressed (step S1301). If it is determined that the first login camera button 704 has been pressed (step S1301: Yes), the user terminal 120 activates the camera of the user terminal 120 (step S1302) and displays the shooting screen 800 (step S1303).

Then, the user terminal 120 determines whether or not the shutter button 802 has been pressed (step S1304). If it is determined that the shutter button 802 has not been pressed (step S1304: No), the user terminal 120 waits until the shutter button 802 is pressed.

When determining that the shutter button 802 has been pressed (step S1304: Yes), the user terminal 120 stores the image data of the image being captured 801 (step S1305). Also, the user terminal 120 acquires the terminal identification information of its own terminal, for example, by referring to the setting information stored in the user terminal 120 (step S1306).

Then, the user terminal 120 transmits an authentication request including the image data stored in step S1305 and the terminal identification information acquired in step S1306 to the card company server 110 (step S1307). Terminate the indicated process. Also, when the first login camera button 704 is pressed, the user terminal 120, for example, in step S1307, transmits to the card company server 110 a first authentication request indicating that the user is to be authenticated by the first authentication method.

When determining that the first login camera button 704 has not been pressed (step S1301: No), the user terminal 120 determines whether the second login camera button 705 has been pressed (step S1308). When determining that the second login camera button 705 has been pressed (step S1308: Yes), the user terminal 120 displays the category selection screen 900 (step S1309).

Then, the user terminal 120 determines whether or not a category has been selected by pressing one of the category selection buttons 901 (step S1310). If it is determined that no category has been selected (step S1310: No), the user terminal 120 waits until a category is selected. If it is determined that a category has been selected (step S1310: Yes), the user terminal 120 proceeds to the process of step S1302.

Note that in the process of step S1307 performed by pressing the second login camera button 705, the user terminal 120 transmits to the card company server 110 an authentication request including information indicating the category selected by the process of step S1310. do. Also, when the second login camera button 705 is pressed, the user terminal 120, for example, in step S1307, transmits to the card company server 110 a second authentication request indicating to receive authentication by the second authentication method.

When determining that the second login camera button 705 has not been pressed (step S1308: No), the user terminal 120 determines whether the login button 703 has been pressed (step S1311). When determining that the login button 703 has not been pressed (step S1311: No), the user terminal 120 proceeds to the process of step S1301.

If it is determined that the login button 703 has been pressed (step S1311: Yes), the user terminal 120 proceeds to processing in step S1306. Note that the user terminal 120 transmits an authentication request including the input contents of the user ID input box 701 and the password input box 702 to the card company server 110 in the process of step S1307 performed by pressing the login button 703 .

FIG. 14 is a flowchart showing an example of authentication success/failure information reception processing performed by the user terminal according to the present embodiment. The user terminal 120 performs the process shown in FIG. 14, for example, when transmitting the authentication request by the process of step S1307.

In FIG. 14, the user terminal 120 determines whether or not authentication success information has been received from the card company server 110 (step S1401). If it is determined that authentication success information has been received from the card company server 110 (step S1401: Yes), the user terminal 120 displays the menu screen 1000 (step S1402).

Then, the user terminal 120 determines whether or not the selection button (service selection button 1001a) corresponding to registration of the authentication image has been pressed (step S1403). When determining that the selection button corresponding to registration of the authentication image has not been pressed (step S1403: No), the user terminal 120 terminates the processing shown in FIG.

If it is determined that the selection button corresponding to registration of the authentication image has been pressed (step S1403: Yes), the user terminal 120 displays the category selection screen 900 (step S1404). Then, the user terminal 120 determines whether or not a category has been selected by pressing one of the category selection buttons 901 (step S1405).

When determining that no category has been selected (step S1405: No), the user terminal 120 waits until a category is selected. If it is determined that a category has been selected (step S1405: Yes), the user terminal 120 activates the camera of the user terminal 120 (step S1406) and displays the shooting screen 800 (step S1407).

The user terminal 120 then determines whether the shutter button 802 has been pressed (step S1408). If it is determined that the shutter button 802 has not been pressed (step S1408: No), the user terminal 120 waits until the shutter button 802 is pressed.

If it is determined that the shutter button 802 has been pressed (step S1408: Yes), the user terminal 120 stores the image data of the image being captured 801 (step S1409), Acquire (step S1410). Then, the user terminal 120 transmits to the card company server 110 an authentication image registration request containing the image data stored in step S1305 and the terminal identification information acquired in step S1306 (step S1411). The processing shown in FIG. 14 ends.

If it is determined that authentication success information has not been received (step S1401: No), the user terminal 120 determines whether or not authentication failure information has been received (step S1412). If it is determined that authentication failure information has not been received (step S1412: No), the user terminal 120 proceeds to processing of step S1401. When determining that the authentication failure information has been received (step S1412: Yes), the user terminal 120 displays the authentication failure notification screen 1100 (step S1413).

Then, the user terminal 120 determines whether or not to be authenticated by the third authentication method (step S1414). In the process of step S1414, the user terminal 120 makes an affirmative determination when the "yes" button 1101 is pressed, and makes a negative determination when the "no" button 1102 is pressed. If it is determined not to be authenticated by the third authentication method (step S1414: No), the user terminal 120 ends the processing shown in FIG.

If the user terminal 120 determines to receive authentication by the third authentication method (step S1414: Yes), the user terminal 120 transmits a third authentication request to the card company server 110 (step S1415). Then, the user terminal 120 determines whether or not the third authentication data has been received from the card company server 110 (step S1416).

If it is determined that the third authentication data has not been received (step S1416: No), the user terminal 120 waits until the third authentication data is received. When determining that the third authentication data has been received (step S1416: Yes), the user terminal 120 displays the authentication image selection screen 1200 (step S1417).

Then, the user terminal 120 determines whether or not an image has been selected by pressing one of the image selection buttons 1201 (step S1418). If it is determined that no image has been selected (step S1418: No), the user terminal 120 waits until an image is selected. If it is determined that an image has been selected (step S1418: Yes), the user terminal 120 transmits selected image information indicating the selected image to the card company server 110 (step S1419), and ends the processing shown in FIG. do. Although illustration is omitted, the user terminal 120 displays the menu screen 1000 in the same manner as in the process of step S1402 when authentication success information is received by transmitting the selected image information in the process of step S1419.

(Example of processing performed by card company server 110)
Next, an example of processing performed by the card company server 110 will be described. FIG. 15A is a flowchart (part 1) showing an example of authentication processing performed by the card company server of the present embodiment. FIG. 15B is a flowchart (part 2) showing an example of authentication processing performed by the card company server according to the present embodiment. FIG. 15C is a flowchart (part 3) showing an example of authentication processing performed by the card company server according to the present embodiment.

The card company server 110 determines whether or not the third authentication request has been received from the user terminal 120 (step S1501). When determining that the third authentication request has not been received (step S1501: No), the card issuer server 110 determines whether or not an authentication request other than the third authentication request has been received from the user terminal 120 (step S1502). ). When determining that an authentication request other than the third authentication request has not been received (step S1502: No), the card company server 110 proceeds to the process of step S1501.

If it is determined that an authentication request other than the third authentication request has been received (step S1502: Yes), the card company server 110 adds the user ID and password (that is, user ID input box 701 and password input box 702) to the received authentication request. input content) is included (step S1503).

If it is determined that the authentication request includes user ID and password information (step S1503: Yes), card issuer server 110 retrieves card member information from card member information DB 500 using this user ID and password as search keys. Search (step S1504). In the process of step S1504, card issuer server 110 searches for card member information including information on a user ID and password that match the user ID and password used as search keys.

The card company server 110 then determines whether card member information has been retrieved (step S1505). If it is determined that the card member information has been retrieved (step S1505: Yes), the card company server 110 transmits authentication success information to the user terminal 120 (step S1506), and terminates the processing shown in FIGS. 15A to 15C. . As a result, the user can register the authentication image by, for example, using the service for card members after being authenticated using the user ID and password.

On the other hand, if it is determined that the card member information has not been retrieved (step S1505: No), the card company server 110 transmits authentication failure information to the user terminal 120 (step S1507), and performs the processing shown in FIGS. 15A to 15C. exit.

If it is determined that the authentication request does not contain the user ID and password information (step S1503: No), the card company server 110 performs image analysis processing for image analysis of the received image data of the authentication request ( step S1508). In the processing of step S1508, the card company server 110 performs image analysis for detecting a credit card image or an identification card image, for example, using a pattern serving as a condition for detection as a credit card image or an identification card image.

In addition, in the process of step S1508, the card company server 110 performs image analysis for detecting an image to be matched when, for example, a credit card image or an identification card image cannot be detected. When detecting an image to be matched, the card company server 110 detects, for example, an image of a specific portion (for example, the central portion) of the image represented by the received image data of the authentication request. Also, if the received authentication request contains information indicating a category, the card issuer server 110, as described above, based on the information indicating the category in the received authentication request, detects a pattern as an image of the category. may be used to perform image processing for detecting matching target images.

Next, the card company server 110 determines whether or not the image represented by the received image data of the authentication request includes a credit card image and an identification card image (step S1509).

If it is determined that the credit card image and the identification card image are included (step S1509: Yes), the card company server 110 reads the card number and expiration date from the credit card image of the received authentication request (step S1510). , the card member information is searched from the card member information DB 500 using the read card number and expiration date as search keys (step S1511). In the process of step S1511, the card company server 110 searches for card member information including information on the card number and expiration date that match the card number and expiration date used as search keys.

In the process of step S1510, the card company server 110 may further read the name from the credit card image represented by the received image data of the authentication request. In this case, in the process of step S1511, card issuer server 110 may search card member information from card member information DB 500 using the read card number, expiration date, and name as search keys.

The card company server 110 then determines whether card member information has been retrieved (step S1512). If it is determined that no card member information has been retrieved (step S1512: No), the card company server 110 proceeds to processing in step S1507. On the other hand, if it is determined that the card member information has been retrieved (step S1512: Yes), the card company server 110 acquires the identification data of the retrieved card member information (step S1513). Then, the card company server 110 compares the identification card image represented by the received image data of the authentication request with the identification card image represented by the acquired identification card data (step S1514). (step S1515).

If it is determined that they are the same identification (step S1515: Yes), the card company server 110 proceeds to the process of step S1506. If it is determined that the identification cards are not the same (step S1515: No), the card company server 110 proceeds to the process of step S1507.

Further, when the card company server 110 determines that the credit card image and the identification card image are not included in the process of step S1509 (step S1509: No), the process proceeds to step S1516 shown in FIG. 15B, The card member information is searched from the card member information DB 500 using the terminal specific information of the received authentication request as a search key (step S1516). In the process of step S1516, the card company server 110 searches for card member information including terminal identification information that matches the terminal identification information used as the search key.

The card company server 110 then determines whether card member information has been retrieved (step S1517). If it is determined that the card member information has not been retrieved (step S1517: No), the card company server 110 proceeds to the process of step S1507. On the other hand, if it is determined that the card member information has been retrieved (step S1517: Yes), the card company server 110 acquires authentication image data of the retrieved card member information (step S1518). Then, the card company server 110 compares the image represented by the received image data of the authentication request with the authentication image represented by the acquired authentication image data (step S1519). (step S1520).

If it is determined that the subjects are the same (step S1520: Yes), the card issuer server 110 proceeds to the process of step S1506. If it is determined that the subjects are not the same (step S1520: No), the card issuer server 110 proceeds to the process of step S1507.

Further, when the card company server 110 determines that the third authentication request has been received through the process of step S1501 (step S1501: Yes), the card company server 110 proceeds to the process of step S1521 shown in FIG. Then, the card member information is searched from the card member information DB 500 using the terminal specific information of the received authentication request as a search key (step S1521).

The card company server 110 then determines whether card member information has been retrieved (step S1522). If it is determined that the card member information has not been retrieved (step S1522: No), the card company server 110 proceeds to the process of step S1507. On the other hand, if it is determined that the card member information has been retrieved (step S1522: Yes), the card issuer server 110 acquires authentication image data of the retrieved card member information (step S1523), and then generates dummy image data. Acquire (step S1524).

Then, the card company server 110 transmits the third authentication data including the acquired authentication image data and the dummy image data to the user terminal 120 (step S1525), and determines whether or not the selected image information has been received from the user terminal 120. is determined (step S1526). If it is determined that the selected image information has not been received (step S1526: No), the card company server 110 waits until the selected image information is received. If it is determined that the selected image information has been received (step S1526: Yes), the card issuer server 110 determines whether or not an authentication image has been selected based on the received selected image information (step S1527).

If it is determined that the authentication image has been selected (step S1527: Yes), the card company server 110 proceeds to the process of step S1506. If it is determined that the authentication image has not been selected (step S1527: No), the card company server 110 proceeds to the process of step S1507.

As described above, according to the card company server 110, a user who has the right to receive the service for card members provided by the card company can easily use the service. Use can be promoted.

In this embodiment, the information processing apparatus according to the present invention is applied to the card company server 110 of the card company, but the present invention is not limited to this. For example, if it is possible to share various types of information between different industries using a credit card API (Application Programming Interface), a server of a company other than the card company (for example, a server of a bank or an insurance company server) can also realize the information processing apparatus according to the present invention.

Also, in the present embodiment, an example in which the service provider is a card company has been described, but the present invention is not limited to this. The service provider may be any provider (for example, a company) that provides services to users registered as members in advance. Further, in the present embodiment, an example has been described in which a credit card company, which is a service provider, issues a credit card corresponding to a membership card, but the service provider does not have to issue a membership card. Even in this case, the user can register the authentication image using the service provided by the service provider by being authenticated using the user ID and password, for example. It is possible to receive authentication by a second authentication method or a third authentication method using the .

Further, the authentication method described in this embodiment can be realized by executing a prepared program on a computer such as a personal computer or a workstation. This certification program is stored on a computer-readable storage medium such as a hard disk, flexible disk, CD (Compact Disc)-ROM, MO (Magneto-Optical disk), DVD (Digital Versatile Disk), USB (Universal Serial Bus) memory, etc. It is stored and executed by being read from a storage medium by a computer. Also, the authentication program may be distributed via a network such as the Internet.

As described above, according to the present invention, a user who has the right to receive a service can easily use the service.

Further, the following additional remarks are disclosed with respect to the above-described embodiment.

(Appendix 1) A first computer equipped with an imaging device,
displaying a display screen provided with an activation instruction button for accepting an operation for instructing activation of the imaging device and for accepting input of information relating to an authentication request;
When an operation on the activation instruction button is accepted, the imaging device is activated and image data captured by the imaging device is acquired;
transmitting the authentication request including the acquired image data to a second computer that performs authentication based on the authentication request;
A control program characterized by executing processing.

INDUSTRIAL APPLICABILITY As described above, the authentication program, authentication method, and information processing apparatus according to the present invention are useful as an authentication program, authentication method, and information processing apparatus that make it easy for users to use services provided by service providers. In particular, it is suitable for an authentication program, authentication method, and information processing apparatus that makes it easy for users who have the right to use a service provided by a service provider only to specific users to use the service. there is

100 Service Use Support System 110 Card Company Server 111 Storage Unit 120 User Terminal 130 Network

Claims (3)

In a first computer equipped with an imaging device,
displaying on a display screen a plurality of activation instruction buttons for different authentication methods using different image data as activation instruction buttons for receiving an operation instructing activation of the imaging device;
By operating one activation instruction button corresponding to one authentication method selected by a user, a request for user authentication by the selected authentication method and a unique authentication object owned by the user that can be used for the user authentication Accepting input of information related to an authentication request including a plurality of image data captured from a plurality of angles including a top surface on which authentication information is described and a side surface different from the top surface,
When an operation on the activation instruction button is accepted, the imaging device is activated and the image data captured by the imaging device is obtained;
transmitting the authentication request including the acquired image data to a second computer that performs authentication based on the authentication request;
An authentication program characterized by executing processing. A first computer equipped with an imaging device,
displaying on a display screen a plurality of activation instruction buttons for different authentication methods using different image data as activation instruction buttons for receiving an operation instructing activation of the imaging device;
By operating one activation instruction button corresponding to one authentication method selected by a user, a request for user authentication by the selected authentication method and a unique authentication object owned by the user that can be used for the user authentication Accepting input of information related to an authentication request including a plurality of image data captured from a plurality of angles including a top surface on which authentication information is described and a side surface different from the top surface,
When an operation on the activation instruction button is accepted, the imaging device is activated and the image data captured by the imaging device is obtained;
transmitting the authentication request including the acquired image data to a second computer that performs authentication based on the authentication request;
An authentication method characterized by executing processing. an imaging device;
displaying on a display screen a plurality of activation instruction buttons for different authentication methods using different image data as activation instruction buttons for receiving an operation instructing activation of the imaging device;
By operating one activation instruction button corresponding to one authentication method selected by a user, a request for user authentication by the selected authentication method and a unique authentication object owned by the user that can be used for the user authentication Receiving input of information related to an authentication request, including a plurality of image data captured from a plurality of angles including a top surface on which authentication information is described and a side surface different from the top surface,
When an operation on the activation instruction button is accepted, the imaging device is activated and the image data captured by the imaging device is obtained;
a control unit that transmits the authentication request including the acquired image data to a computer that performs authentication based on the authentication request;
An information processing device comprising:

Images